Add init command to set verified properties
Add a command that updates dm-verity state and sets partition.%.verified
properties used by adb remount.
This is needed in init since fs_mgr cannot set properties:
I6a28cccb1ccce960841af20a4b20c32d424b5524
Change-Id: I0fdf5bc29c56690dcadff9d0eb216d3c68483538
diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c
index feb3c19..5c67333 100644
--- a/fs_mgr/fs_mgr_verity.c
+++ b/fs_mgr/fs_mgr_verity.c
@@ -591,7 +591,7 @@
return rc;
}
-int fs_mgr_update_verity_state()
+int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback)
{
_Alignas(struct dm_ioctl) char buffer[DM_BUF_SIZE];
char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
@@ -645,7 +645,14 @@
if (*status == 'C') {
rc = write_verity_state(state_loc, offset, VERITY_MODE_LOGGING);
- goto out;
+
+ if (rc == -1) {
+ goto out;
+ }
+ }
+
+ if (callback) {
+ callback(&fstab->recs[i], mount_point, *status);
}
}
@@ -729,6 +736,8 @@
mode = VERITY_MODE_RESTART; /* default dm-verity mode */
}
+ INFO("Enabling dm-verity for %s (mode %d)\n", mount_point, mode);
+
// load the verity mapping table
if (load_verity_table(io, mount_point, fstab->blk_device, fd, verity_table,
mode) < 0) {
diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h
index 0437d45..d2c8fff 100644
--- a/fs_mgr/include/fs_mgr.h
+++ b/fs_mgr/include/fs_mgr.h
@@ -27,6 +27,10 @@
// turn verity off in userdebug builds.
#define VERITY_METADATA_MAGIC_DISABLE 0x46464f56 // "VOFF"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
// Verity modes
enum verity_mode {
VERITY_MODE_EIO = 0,
@@ -35,10 +39,6 @@
VERITY_MODE_LAST = VERITY_MODE_RESTART
};
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/*
* The entries must be kept in the same order as they were seen in the fstab.
* Unless explicitly requested, a lookup on mount point should always
@@ -66,6 +66,10 @@
unsigned int zram_size;
};
+// Callback function for verity status
+typedef void (*fs_mgr_verity_state_callback)(struct fstab_rec *fstab,
+ const char *mount_point, int status);
+
struct fstab *fs_mgr_read_fstab(const char *fstab_path);
void fs_mgr_free_fstab(struct fstab *fstab);
@@ -84,7 +88,7 @@
int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc,
char *real_blk_device, int size);
int fs_mgr_load_verity_state(int *mode);
-int fs_mgr_update_verity_state();
+int fs_mgr_update_verity_state(fs_mgr_verity_state_callback callback);
int fs_mgr_add_entry(struct fstab *fstab,
const char *mount_point, const char *fs_type,
const char *blk_device);
diff --git a/init/builtins.cpp b/init/builtins.cpp
index fb1aa7c..01217c1 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -687,6 +687,30 @@
return -1;
}
+static void verity_update_property(struct fstab_rec *fstab,
+ const char *mount_point, int status) {
+ char key[PROP_NAME_MAX];
+ int ret;
+
+ ret = snprintf(key, PROP_NAME_MAX, "partition.%s.verified", mount_point);
+ if (ret >= PROP_NAME_MAX) {
+ ERROR("Error setting verified property for %s: name too long\n",
+ mount_point);
+ return;
+ }
+
+ ret = property_set(key, "1");
+ if (ret < 0)
+ ERROR("Error setting verified property %s: %d\n", key, ret);
+}
+
+int do_verity_update_state(int nargs, char **args) {
+ if (nargs == 1) {
+ return fs_mgr_update_verity_state(verity_update_property);
+ }
+ return -1;
+}
+
int do_write(int nargs, char **args)
{
const char *path = args[1];
diff --git a/init/init_parser.cpp b/init/init_parser.cpp
index f3d34b2..7db203f 100644
--- a/init/init_parser.cpp
+++ b/init/init_parser.cpp
@@ -202,6 +202,7 @@
break;
case 'v':
if (!strcmp(s, "erity_load_state")) return K_verity_load_state;
+ if (!strcmp(s, "erity_update_state")) return K_verity_update_state;
break;
case 'w':
if (!strcmp(s, "rite")) return K_write;
diff --git a/init/keywords.h b/init/keywords.h
index c8327c3..09f645b 100644
--- a/init/keywords.h
+++ b/init/keywords.h
@@ -37,6 +37,7 @@
int do_load_persist_props(int nargs, char **args);
int do_load_all_props(int nargs, char **args);
int do_verity_load_state(int nargs, char **args);
+int do_verity_update_state(int nargs, char **args);
int do_wait(int nargs, char **args);
#define __MAKE_KEYWORD_ENUM__
#define KEYWORD(symbol, flags, nargs, func) K_##symbol,
@@ -89,6 +90,7 @@
KEYWORD(sysclktz, COMMAND, 1, do_sysclktz)
KEYWORD(user, OPTION, 0, 0)
KEYWORD(verity_load_state, COMMAND, 0, do_verity_load_state)
+ KEYWORD(verity_update_state, COMMAND, 0, do_verity_update_state)
KEYWORD(wait, COMMAND, 1, do_wait)
KEYWORD(write, COMMAND, 2, do_write)
KEYWORD(copy, COMMAND, 2, do_copy)